Chances are you skip the small print in pop-up license agreements when
installing a new piece of software, downloading a program from the Web, joining
a multiplayer game or accessing online content. Just click "I agree" and get on
with your business, right? Too bad. You may have just given a hug to uninvited
spyware, adware and sneakware. Read On:
At best, nefarious spyware code causes a low-level bother: inundating your PC with pop-up ads. More ominously, it may nest on your hard drive and collect hard data on your browsing patterns and online buying habits, then transmit the intelligence via your Internet connection to a marketing or research company, who likely sells it to vendors who in turn bombard you with more ads.
It gets worse. One recent breed of adware (known as a browser helper object) attaches itself to a browser just like a standard plug-in. Some change your default page or favorites listings, automatically redirect your browser to offensive adult sites or embed themselves in common software applications, sapping memory and drive space, even crashing your system.
All legally. After all, you said, "I agree." Unfortunately, in some cases, software doesn't ask for your consent: it's automatically installed when you open certain spam emails or visit certain Web pages, a technique known as "drive-by download." While its legality is open to debate, it's becoming increasingly popular. Another method is "mousetrapping," in which one pop-up window after another opens up on your browser faster than you can shut them down. Most often, these pages start to launch when you exit the site you originally visited.
The technology used in these attacks on your PC isn't new, but it's gained momentum with the popularity of file-swapping sites such as Kazaa. Most of these services are ad-supported, and bundling these intrusive programs is the only way they can survive. It's possible the programs were launched with the best of intentions and legitimate advertising partners. However, as the data collected from each user does the rounds, the ads popping up seem to be increasingly dubious.
As the concern over spyware mounts, some name-brand companies have come under fire for using similar techniques to protect their copyright. For example, message boards buzzed earlier this year with news that Intuit, maker of top-selling personal finance applications such as Quicken, had installed user monitoring tools on its TurboTax program. The fears were unfounded: Intuit did include a product activation code that "locked" the program to a single PC, but it didn't monitor user patterns, and certainly didn't collect and disseminate personal financial data, as some rumors suggested. Still, the company was forced to hire an independent testing firm to verify its actions. Stung by the PR battering it's taken from some of its most loyal users, Intuit says it will remove some of the more distasteful aspects of the program from next year's TurboTax.
Not surprisingly, even the federal government has gotten in on the action. Earlier this year, the Department of Justice incensed the libertarian geek community with an under-publicized proposal known as the Domestic Security Enhancement Act, designed to give the government freer rein to monitor which sites users visit, what they search for on Google, and what they say in their emails. The proposal also resurrects fears of the FBI's Magic Lantern spyware, which uses old technology to track users' keystrokes, and the recent Carnivore surveillance system.
Fighting Back Against the Spies
Once spyware and adware programs embed themselves in the PC registry, only a sophisticated technician or dedicated software can remove them. In fact, sometimes it's classic one-upmanship, with spyware and anti-spyware programs trying to outwit one another.
Most ISPs and companies put up firewalls, but these are typically designed to keep viruses from coming in, not information from going out. Therefore, when rogue programs piggyback on legitimate programs to invade users' machines, they're usually home free inside the network.
So, use common sense. Read the license agreement before signing on. Never open unsolicited email. Better yet, put an anti-spyware solution on your side, which combines personal identifiable information protection with online advertisement blocking and content filtering. It secures your personal information from being transmitted accidentally while providing greater control over your family's Internet experience.